docs: purge stale fabb3421 narrative — Mail.Send already lives in the 365 app suite
Mail.Send is NOT an open decision or a 'blocked' item: the Exchange Operator tier (b43e7342) already holds Graph Mail.Send + Mail.ReadWrite + MailboxSettings.ReadWrite (the suite's IR victim-notification mail path). /mailbox (ACG own-mail) separately uses the dedicated ComputerGuru Mailbox app 1873b1b0. The deleted fabb3421/Claude-MSP-Access app is now referenced only as DELETED/do-not-use across all live surfaces. Corrected: remediation-tool gotchas.md (removed 'suite has no mail scopes / mailbox BLOCKED / decision-not-executed'), commands/mailbox.md (header + Attribution no longer name the deleted app as active), feedback memory (promoted 'suite has Mail.Send — settled' to a headline), breach-report template, .grok mirrors, credentials.md, CATALOG_SHARED_DATA.md, and wiki (internal-infrastructure, glaztech, dataforth). Removed dead plaintext secret for the deleted app from CATALOG_SHARED_DATA.md. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -460,43 +460,10 @@ curl -s "https://cippcanvb.azurewebsites.net/api/ListLicenses?TenantFilter=sonor
|
||||
- **App ID:** d545a836-7118-44f6-8852-d9dd64fb7bb9
|
||||
- **Status:** Authenticated but all endpoints returned 403
|
||||
|
||||
### Claude-MSP-Access (Multi-Tenant Graph API)
|
||||
- **Service:** Direct Graph API access for M365 investigations
|
||||
- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
|
||||
- **App ID (Client ID):** fabb3421-8b34-484b-bc17-e46de9703418
|
||||
- **Client Secret:** ~QJ8Q~NyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO
|
||||
- **Secret Expires:** 2026-12 (24 months)
|
||||
- **Sign-in Audience:** Multi-tenant (any Entra ID org)
|
||||
- **Purpose:** Direct Graph API access for M365 investigations and remediation
|
||||
- **Admin Consent URL:** https://login.microsoftonline.com/common/adminconsent?client_id=fabb3421-8b34-484b-bc17-e46de9703418&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient
|
||||
- **Permissions:** User.ReadWrite.All, Directory.ReadWrite.All, Mail.ReadWrite, MailboxSettings.ReadWrite, AuditLog.Read.All, Application.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, Group.ReadWrite.All, SecurityEvents.ReadWrite.All, AppRoleAssignment.ReadWrite.All, UserAuthenticationMethod.ReadWrite.All
|
||||
- **Created:** 2025-12-29
|
||||
- **Access Methods:** Graph API (OAuth 2.0)
|
||||
|
||||
#### Usage (Python)
|
||||
```python
|
||||
import requests
|
||||
|
||||
tenant_id = "CUSTOMER_TENANT_ID" # or use 'common' after consent
|
||||
client_id = "fabb3421-8b34-484b-bc17-e46de9703418"
|
||||
client_secret = "~QJ8Q~NyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO"
|
||||
|
||||
# Get token
|
||||
token_resp = requests.post(
|
||||
f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
|
||||
data={
|
||||
"client_id": client_id,
|
||||
"client_secret": client_secret,
|
||||
"scope": "https://graph.microsoft.com/.default",
|
||||
"grant_type": "client_credentials"
|
||||
}
|
||||
)
|
||||
access_token = token_resp.json()["access_token"]
|
||||
|
||||
# Query Graph API
|
||||
headers = {"Authorization": f"Bearer {access_token}"}
|
||||
users = requests.get("https://graph.microsoft.com/v1.0/users", headers=headers)
|
||||
```
|
||||
### Claude-MSP-Access (Multi-Tenant Graph API) — DELETED 2026-06-14, DO NOT USE
|
||||
- **Status:** App `fabb3421-8b34-484b-bc17-e46de9703418` was DELETED from the azcomputerguru.com tenant on 2026-06-14. Every token request now returns **AADSTS700016**. The old client secret is dead (app gone). Do not reintroduce.
|
||||
- **Replaced by:** the tiered **ComputerGuru remediation app suite** — Security Investigator `bfbc12a4`, Exchange Operator `b43e7342` (holds Graph **Mail.Send / Mail.ReadWrite / MailboxSettings.ReadWrite** — the suite's mail-send path), User Manager `64fac46b`, Tenant Admin `709e6eed`, Defender Add-on `dbf8ad1a`. Secrets in `msp-tools/computerguru-*.sops.yaml`. Acquire tokens via `bash .claude/skills/remediation-tool/scripts/get-token.sh <tenant-id> <tier>`.
|
||||
- **ACG own-mail (`/mailbox`):** dedicated app `1873b1b0-3377-485c-a848-bae9b2f8f1f5`, vault `msp-tools/computerguru-mailbox.sops.yaml`.
|
||||
|
||||
---
|
||||
|
||||
@@ -875,7 +842,7 @@ curl http://172.16.3.20:3001/health
|
||||
- **Web Applications:** 7 (Gitea, NPM, Cloudflare, CIPP, etc.)
|
||||
- **Databases:** 5 (PostgreSQL x2, MariaDB x2, MySQL x1)
|
||||
- **API Keys/Tokens:** 12 (Gitea, Cloudflare, WHM, Syncro, Autotask, CIPP, GuruRMM, etc.)
|
||||
- **Microsoft Entra Apps:** 5 (GuruRMM SSO, Seafile Graph, Claude-MSP-Access, Dataforth Claude-Code, CIPP)
|
||||
- **Microsoft Entra Apps:** GuruRMM SSO, Seafile Graph, ComputerGuru remediation suite (5 tiers) + Mailbox app, Dataforth Claude-Code, CIPP (the old Claude-MSP-Access single app was deleted 2026-06-14)
|
||||
- **SSH Keys:** 3 (guru@wsl, azcomputerguru@local, gururmm-build-server)
|
||||
- **Client Tenants:** 5 (MVAN, BG Builders, Dataforth, CW Concrete, Valley Wide Plastering, Khalsa)
|
||||
- **Client Networks:** 4 (Dataforth, Valley Wide, Khalsa, Scileppi)
|
||||
|
||||
Reference in New Issue
Block a user